Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for otrs2 (DLA-2198-1)
Summary:The remote host is missing an update for the 'otrs2'; package(s) announced via the DLA-2198-1 advisory.
The remote host is missing an update for the 'otrs2'
package(s) announced via the DLA-2198-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in otrs2 (Open source
Ticket Request System)


Support bundle generated files could contain sensitive information
that might be unwanted to be disclosed.


It's possible to craft Lost Password requests with wildcards in the
Token value, which allows attacker to retrieve valid Token(s),
generated by users which already requested new passwords.


When user downloads PGP or S/MIME keys/certificates, exported file
has same name for private and public keys. Therefore it's possible
to mix them and to send private key to the third-party instead of
public key.

Affected Software/OS:
'otrs2' package(s) on Debian Linux.

For Debian 8 'Jessie', these problems have been fixed in version

We recommend that you upgrade your otrs2 packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-1770
SuSE Security Announcement: openSUSE-SU-2020:0551 (Google Search)
SuSE Security Announcement: openSUSE-SU-2020:1475 (Google Search)
SuSE Security Announcement: openSUSE-SU-2020:1509 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2020-1772
Common Vulnerability Exposure (CVE) ID: CVE-2020-1774
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2020 E-Soft Inc. All rights reserved.